./security/base, Analysis engine to process a database of security events



Branch: pkgsrc-2009Q1, Version: 1.4.3.1, Package name: base-1.4.3.1, Maintainer: adrianp

The Basic Analysis and Security Engine (BASE) is a PHP-based analysis
engine to search and process a database of security events generated by
various IDSes, firewalls, and network monitoring tools. Its current features
include:

o Query-builder and search interface for finding alerts matching
on alert meta information (e.g. signature, detection time) as well as
the underlying network evidence (e.g. source/destination address, ports,
payload, or flags).

o Packet viewer (decoder) that graphically displays the layer-3 and
layer-4 packet information of logged alerts

o Alert management: constructs to logically group alerts into incidents
(alert groups), delete handled alerts or false positives, export alerts
by email for collaboration, or archive alerts to transfer them between
alert databases.

o Chart and statistic generation based on time, sensor, signature, protocol,
IP address, TCP/UDP ports, or classification


Required to run:
[mail/pear-Mail] [mail/pear-Mail_Mime] [lang/perl5] [databases/adodb] [databases/php-mysql] [databases/mysql5-client] [graphics/php-gd] [graphics/pear-Image_Color] [graphics/pear-Image_Graph] [net/php-sockets] [sysutils/pear-Log] [www/ap-php] [math/pear-Numbers_Words] [math/pear-Numbers_Roman]

Required to build:
[www/apache22]

Package options: mysql

Master sites:

SHA1: bf0a9bbc7131eb84d4b85d25e2fe878da31582c4
RMD160: e12ec80997df17f4bf3e8ea016da6fc0414044c1
Filesize: 946.065 KB

Version history:


CVS history:


   2009-06-07 12:15:56 by Matthias Scheler | Files touched by this commit (4) | Package updated
Log message:
Pullup ticket #2787 - requested by adrianp
base: security update

Revisions pulled up:
- security/base/Makefile			1.24
- security/base/PLIST				1.9
- security/base/distinfo			1.11
- security/base/patches/patch-aa		1.3
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sat Jun  6 11:26:19 UTC 2009

Modified Files:
	pkgsrc/security/base: Makefile PLIST distinfo
	pkgsrc/security/base/patches: patch-aa

Log message:
4/03/2009 1.4.2 (chandy)
- EmThreats_link now opens in a separate browser window -- Juergen Leising
for Micah Gersten
- A new reference "[rule]" now points to base_local_rules.php,
which displays a particular rule for a given rule id (sid).
Prerequisite for this is that "local_rules_dir" in base_conf.php
points to an actually existing and readable/searchable directory which
contains the snort rules.  Please note that a web server
is usually NOT allowed to access any files outside of its
document root.  Feature request by Chris Ryan, cf.
https://sourceforge.net/forum/message.php?msg_id=5310420
https://sourceforge.net/forum/message.php?msg_id=5311517
-- Juergen Leising
- Update of base.spec; works with fedora 10 -- Juergen Leising
- I have applied two patches submitted by asavenkov
with regard to the oci8 driver (oracle 10), cf.
https://sourceforge.net/forum/message.php?msg_id=5795641
https://sourceforge.net/forum/message.php?msg_id=5796556
-- Juergen Leising
- The "email-the-alerts"-variables were defined twice at different
locations in base_conf.php.  Fixed this.  -- Juergen Leising
- Emails from BASE containing one or more alerts now include a
"To:" header as well.  Bug report no. 2234733 -- Juergen Leising
- $sort_order, once it has been chosen, now survives a possible "action",
even in base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php.
Bug no. 2234745. -- Juergen Leising
- The refresh problem, when an "action" has been taken, is now fixed in
base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php, as well.
Bug no. 1681012. -- Juergen Leising
- I have corrected the way ICMP redirect messages are displayed
by BASE, inspired by Bruno G. San Alejo. -- Juergen Leising
- Several preprocessor events that so far did not get stored in the acid_event
table are now processed and displayed by BASE.  This affects
all those preprocessors which have sig names that do NOT start with
a "spp_" prefix. -- Juergen Leising
- Fixed bug with archiving IP options. -- Juergen Leising

5/14/09 1.4.3 (gabi)
- XSS Flaws fixed in alert groups -- Kevin Johnson
- Possible SQL injection flaw fixed in AG -- Kevin Johnson
- XSS Flaws fixed in base_qry files -- Kevin Johnson
- Multiple XSS flaws fixed in citems -- Kevin Johnson

5/30/09 1.4.3.1 (zig)
- Multiple XSS flaws fixed in User and Role management -- Kevin Johnson
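
The "[rule]" lookup described in the 1.4.2 notes above, written out as an added example that is not BASE's own code: a sid lookup inside a configured rules directory that first checks the directory is readable and traversable by the process the web server runs as, accepts only a plain decimal sid before that value reaches a regex, and escapes the rule text before rendering it as HTML. The output escaping is the general defence for the XSS class listed under 1.4.3 and 1.4.3.1; the actual BASE fixes are not shown on this page. The function names, the sample rules, the temporary directory and the /usr/pkg/etc/snort/rules path mentioned in a comment are assumptions made for this example.

```php
<?php
// Added example (not BASE's own code): look up a Snort rule by sid inside a
// configured local_rules_dir, as the "[rule]" reference in the 1.4.2 notes
// requires. Function names, paths and the sample rule text are constructed
// for this example and are not taken from BASE.

/**
 * Return the rule lines whose "sid:<n>;" option matches $sid, or null when
 * the sid is malformed or the directory cannot be used by this process.
 * $sid is treated as an untrusted request parameter.
 */
function find_rule_by_sid(string $rules_dir, string $sid): ?array
{
    // Only a plain decimal sid is accepted; anything else is rejected before
    // it is interpolated into the regex below.
    if (!ctype_digit($sid)) {
        return null;
    }

    // The web server process must be able to list (r) and traverse (x) the
    // directory. Rules usually live outside the document root, for example
    // under /usr/pkg/etc/snort/rules on pkgsrc (an assumed path), which is the
    // permissions caveat the 1.4.2 notes raise.
    $real = realpath($rules_dir);
    if ($real === false || !is_dir($real) || !is_readable($real) || !is_executable($real)) {
        return null;
    }

    $matches = [];
    foreach (glob($real . '/*.rules') ?: [] as $file) {
        $fh = @fopen($file, 'r');
        if ($fh === false) {
            continue; // one unreadable file should not fail the whole lookup
        }
        while (($line = fgets($fh)) !== false) {
            // Match the sid option exactly: "sid:<n>;" and not a longer sid
            // that merely starts with the same digits, nor gid/rev values.
            if (preg_match('/\bsid\s*:\s*' . $sid . '\s*;/', $line)) {
                $matches[] = rtrim($line, "\r\n");
            }
        }
        fclose($fh);
    }
    return $matches;
}

/** Escape rule text before embedding it in a page; rules may contain < > " &. */
function render_rule_html(array $lines): string
{
    $out = '';
    foreach ($lines as $l) {
        $out .= '<pre>' . htmlspecialchars($l, ENT_QUOTES, 'UTF-8') . "</pre>\n";
    }
    return $out;
}

// Constructed sample rules directory so the example runs offline.
$dir = sys_get_temp_dir() . '/base_rules_example_' . getmypid();
mkdir($dir, 0700);
file_put_contents($dir . '/local.rules', implode("\n", [
    'alert tcp any any -> any 80 (msg:"EXAMPLE <script> in URI"; content:"<script>"; sid:1000001; rev:1;)',
    'alert icmp any any -> any any (msg:"EXAMPLE ICMP redirect"; itype:5; sid:1000002; rev:2;)',
    'alert tcp any any -> any 22 (msg:"EXAMPLE longer sid"; sid:10000010; rev:1;)',
]) . "\n");

print_r(find_rule_by_sid($dir, '1000001'));          // lookup of a valid sid
var_dump(find_rule_by_sid($dir, '1000001 OR 1=1'));  // rejected by ctype_digit
var_dump(find_rule_by_sid('/nonexistent/rules', '1000001')); // unusable directory
echo render_rule_html(find_rule_by_sid($dir, '1000001') ?? []);

unlink($dir . '/local.rules');
rmdir($dir);
```

Run it with the php CLI as the same account the web server runs under (on pkgsrc's ap-php that is normally the Apache user, an assumption here). If find_rule_by_sid returns null for the real local_rules_dir, the directory permissions rather than BASE are the problem, which is the situation the 1.4.2 notes warn about for files outside the document root; granting that account read and search access on the rules directory only, not write access, keeps the web server from being able to alter the rule set it displays.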